diff options
author | Tony Battersby <tonyb@cybernetics.com> | 2009-02-04 15:12:04 -0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-02-12 09:31:03 -0800 |
commit | 2bba098bf6965d597db52ba6e377413b4cc24086 (patch) | |
tree | c03ef7f9b8cd1bf2d45eee9497d565cd4d7ed778 /ipc | |
parent | 70a7607eecf3cf7dd4cd03627ff244ae7b3729e5 (diff) |
shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
commit a68e61e8ff2d46327a37b69056998b47745db6fa upstream.
shm_get_stat() assumes that the inode is a "struct shmem_inode_info",
which is incorrect for !CONFIG_SHMEM (see fs/ramfs/inode.c:
ramfs_get_inode() vs. mm/shmem.c: shmem_get_inode()).
This bad assumption can cause shmctl(SHM_INFO) to lockup when
shm_get_stat() tries to spin_lock(&info->lock). Users of !CONFIG_SHMEM
may encounter this lockup simply by invoking the 'ipcs' command.
Reported by Jiri Olsa back in February 2008:
http://lkml.org/lkml/2008/2/29/74
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Reported-by: Jiri Olsa <olsajiri@gmail.com>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'ipc')
-rw-r--r-- | ipc/shm.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipc/shm.c b/ipc/shm.c index f00c897845f..35a65be6433 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -565,11 +565,15 @@ static void shm_get_stat(struct ipc_namespace *ns, unsigned long *rss, struct hstate *h = hstate_file(shp->shm_file); *rss += pages_per_huge_page(h) * mapping->nrpages; } else { +#ifdef CONFIG_SHMEM struct shmem_inode_info *info = SHMEM_I(inode); spin_lock(&info->lock); *rss += inode->i_mapping->nrpages; *swp += info->swapped; spin_unlock(&info->lock); +#else + *rss += inode->i_mapping->nrpages; +#endif } total++; |